Key

This line was added.

This line was removed.

Formatting was changed.

Tutorial Overview

This tutorial demonstrates basic WebRTC support and functionality within Asterisk. Asterisk will be configured to support a remote WebRTC client, the sipml5 client, for the purposes of making calls to/from Asterisk within the Firefox web browser.

For this tutorial, it is assumed that you are logged in as the root user. It is also assumed that you are running a version of Asterisk that is at least 13.15.0 or 14.4.0 and have a recent version of Firefox, e.g. 54.0.

Check Asterisk Dependencies

To connect the sipml5 client to Asterisk, Asterisk must have been built with support for the res_crypto, res_http_websocket, and res_pjsip_transport_websocket resource modules. To optionally enable high-quality calls between Asterisk and the sipml5 client, Asterisk's Opus codec module is required. If Opus is not installed into Asterisk, lower-quality calls will still be possible. To check for the presence of these modules you can perform:

If the modules are not loaded, check your /etc/asterisk/modules.conf configuration file to make sure they are not explicitly disabled.

Tip

The Opus codec module can be installed directly using Asterisk's menuselect tool and is found in the External section of the Codec Translators category. Alternatively, you can use the utility here, or browse directly to the downloads server.

Create Certificates

Modern browsers require use of TLS and DTLS-SRTP for WebRTC signaling and media encryption. For Asterisk to use TLS and DTLS-SRTP, it is necessary to load certificates. Within this tutorial, we will create a self-signed certificate authority and server certificate. Some browsers require the use of publicly-signed certificates. The acquisition of publicly-signed certificates is outside the scope of this tutorial.

Asterisk provides a utility script, ast_tls_cert in its contrib/scripts source directory. We will use it to make a self-signed certificate authority and a server certificate for Asterisk, signed by our new authority.

Here, we've enabled the HTTP daemon and set its binding address and port - required for basic operation of the HTTP daemon. We have also enabled the TLS support, and have set the TLS binding address and port as well as the server key - the one we made in the previous step - to use.

To verify the web server is running, perform:

No Format

# netstat -an | grep 8089

And you should see:

No Format

tcp 0 0 0.0.0.0:8089 0.0.0.0:* LISTEN

Configure PJSIP

Next, we need to configure PJSIP. The sipml5 client uses Websocket as a transport, and connects to Asterisk's HTTP daemon, but it uses the SIP protocol. Asterisk's default channel driver for SIP communications is PJSIP. For more about PJSIP in Asterisk, you can refer to the Configuring res_pjsip pages.

PJSIP WSS Transport

Like Asterisk's HTTP daemon, which needs to be configured to listen for Websocket transports, PJSIP needs to be configured with Websocket transports. In this case, we will configure a PJSIP transport for Websocket using the "Secure Websocket" transport identifier wss. To your /etc/asterisk/pjsip.conf, you should add:

No Format

[transport-wss]
type=transport
protocol=wss
bind=0.0.0.0

PJSIP AoR and Auth

Next, we need to configure an entity within PJSIP to accept registration from our browser-based sipml5 client. To do this, we will create three PJSIP objects in our /etc/asterisk/pjsip.conf configuration file: an aor, an auth, and an endpoint.

Your aor and your auth should look something like:

No Format

[199]
type=aor
max_contacts=1
remove_existing=yes
[199]
type=auth
auth_type=userpass
username=199
password=199 ; This is a completely insecure password. Do NOT expose this
; system to the Internet without utilizing a better password.

Here, we establish that the thing registering with us will be known internally as "199" and that it will use 199 and 199 as its username and password registration credentials. Note that this is NOT SECURE and you should choose a MUCH better password if you're following any of these instructions.

PJSIP Endpoint

Next, we need to create an endpoint object that will reference this aor and auth as well as be provided with configuration parameters that are specific to WebRTC clients. Your endpoint in /etc/asterisk/pjsip.confs should look something like:

You may wish to reconfigure your services to non-standard ports, or narrow the possible source addresses for additional security.

5060: This is the standard port for SIP communications8089: This is the standard port for Secure Websockets when used with Asterisk's built-in HTTP sever10000:20000: This is the port range configured in rtp.conf for audio to flow.

Restart Asterisk

Next, we'll perform a graceful restart of Asterisk, where in-progress calls are allowed to complete before Asterisk is stopped, so that it can pick up the changes that we've made to its configuration. From the Linux console execute:

Browsers and WSS

When using WSS as a transport, Chrome and Firefox will not allow you, by default, to connect using WSS to a server with a self-signed certificate. Rather, you'll have to install a publicly-signed certificate into Asterisk. Or, you'll have to import the the self-signed certificate we made earlier into your browser's keychain, which is outside the scope of this Wiki.

Or, for Firefox and Chrome, you can open a separate browser tab and point it to Asterisk's HTTP server's TLS port and WS path, e.g. http://[ ip of asterisk server ]:8089/ws, and you can manually confirm the security exception.

Note

You may need to use https instead of http. If running Asterisk on your local machine, you could use https://localhost:8089/ws, for example.

Configure SIPML5

Info

SIPML5 is a useful client for testing Asterisk. Many real-world users explore other options that may include rolling your own client.

First, go back and read the previous section and make sure that you've opened a new tab in Firefox and visited http://[ ip of asterisk server]:8089/ws and that you've confirmed the security exception. We're doing testing and development here, not deployment to real production, so this is "okay."

Next, click the "Expert mode?" form button. It will open a new browser tab. In the Expert settings box, use a configuration similar to the following:

Here, we have made the following changes:

Checked the "Disable Video" box

Filled in the WebSocket Server URL using the format:

wss : // (ip address of asterisk) : 8089 / ws

Checked the "Disable 3GPP Early IMS" box

Click "Save" and return to the other demo tab with the Registration box.

Next, click "Login" and you should see Connected as such:

You should see a corresponding connection happen on the Asterisk CLI. You can log into the Asterisk CLI by performing:

No Format

# asterisk -vvvr

Then, you can LogOut and Login and see something like:

No Format

== WebSocket connection from '10.27.74.22:54984' for protocol 'sip' accepted using version '13'
-- Added contact 'sips:199@10.27.74.22:54984;transport=ws;rtcweb-breaker=no' to AOR '199' with expiration of 200 seconds
== Contact 199/sips:199@10.27.74.22:54984;transport=ws;rtcweb-breaker=no has been created
== Endpoint 199 is now Reachable

Make a test call

In the sipml5 Call control box input 200. Then press the Call button. You'll see a drop-down:

Select "Audio" to continue. Once you do this, Firefox will display a popup asking permission to use your microphone:

Click "Allow."

Next, the Call control box will indicate that the call is proceeding:

Finally, when the call is connected, you will see In Call:

and you will hear "Congratulations, you have successfully installed and executed the Asterisk open source PBX..."